The Voice of Cyber®

KBKAST
Episode 167: Satnam Narang
First Aired: March 10, 2023

In this episode, Satnam explores the dangers of pig butchering scams, which are a type of investment fraud that typically involve romance and human trafficking, originating in Southeast Asia. He discusses elaborate scams using romance platforms, and how criminals use stolen images of real women to present themselves as real people. He also explores the dangers of online dating scams and the repercussions which can be severe. Finally, He suggests people should always question if something seems too good to be true.

Satnam Narang is Sr. Staff Research Engineer at Tenable with over 14 years of experience in the industry (M86 Security and Symantec). He contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder.

He’s appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.

Help Us Improve

Please take two minutes to write a quick and honest review on your perception of KBKast, and what value it brings to you professionally. The button below will open a new tab, and allow you to add your thoughts to either (or both!) of the two podcast review aggregators, Apple Podcasts or Podchaser.

Episode Transcription

These transcriptions are automatically generated. Please excuse any errors in the text.

Introduction (00:24)
You’re listening to Kbkast, the cyber security podcast for all executives, cutting through the jargon and hype to understand the landscape where risk and technology meet. Now, here’s your host, Karisa Breen.

Karissa (00:38)
Joining me today is Satnam Narang, Senior Staff Research Engineer from Tenable. And today we’re discussing pig butchering, what it is, and the impact it has on people. So, Satnam, thank you so much again for coming back on the show. You always have really interesting topics to bring to me, which I find really interesting. So I want to start with this. So the term pig butchering, now, it sounds pretty savage. So what is it exactly?

Satnam Narang (01:06)
Yeah, the term is meant to evoke this pretty severe emotion in people when you think about it because it’s essentially the terminology I think it’s called ShooZoopon or I think Shoe Zupan is the name that some people have used to refer to it as. And basically that means pig butchering scam. And what it is is it’s a type of investment fraud that typically happens involving romance. It’s a merging of the two. You have investment types of scams or investment fraud and you have romance scams. They married the two together to create pig butchering. The reason why they call it pig butchering is because you have to fatten up the victim. And the way you do that is by playing a long con by convincing them that you actually want to have a romantic relationship with them in order to get them to develop a sense of trust.

Karissa (01:58)
Wow. Okay. Term is that thing the market now, I understand where the name came from. Now, you and I spoke this year about a tinder swindler. Now, he had the same approach around playing the long game, right? As you and I spoke through and people who’ve watched the documentary, if you haven’t, you should check it out. But he plays the whole long game and a lot of these things and this whole big scam he was playing. It wasn’t quick money. It was 12 plus months that he was playing. Is that the same approach, though, for pig butchering?

Satnam Narang (02:30)
No, not necessarily because in the case of the tender swindler, you just had one person operating the scam. The way the pig butchering works, there are multiple individuals involved in this. I think there is some level or some degree of human trafficking involved as well. I don’t have the specifics on that for you, but I know that this is mostly originating in Southeast Asia. So you have shops basically, not too dissimilar to the stuff we see around. I don’t know if you’re aware, but I think most of your listeners are too. But the little fake Microsoft emails or things like that saying, Hey, your license is expiring or your antivirus is expiring, please call this number and then you end up in a call center. It’s not too dissimilar from that, but the differences is that we don’t really know if some of the people behind these are actually doing it willingly or if they’re actually being forced to.

Karissa (03:26)
Wow. Okay, that is really interesting. So okay, now, how does this come about? Is it that you’re on a dating app? Now, I’ve heard people say… I mean, I’m not on dating apps, but if you were to be on one, I have heard people in the past saying 80 % of tinder profiles are fake because it’s maybe of this pig butchering nature where it’s like straight away they try to convince you to chat on WhatsApp. I remember a friend of mine saying he’s like, It definitely felt like it was a different person. Is that how this pig butchering thing works? S trade away, they get you on the app and then straight away they’re trying to move you towards WhatsApp. So then try to move laterally towards you to make you fatten them up, process starts, or how does it work? Yeah.

Satnam Narang (04:12)
So it varies, Karisa. So I think romance apps, dating apps are one place where you’ll find a lot of these pig butchering scammers basically lying in wait, trying to find their next victim. And the goal is to get them to a different platform like a WhatsApp or even a Telegram too, because Telegram is a little bit open season as well. It’s not like a signal or anything like that. It’s an interesting place. I found when I’ve been doing some of my research around pig butchering, I tend to go towards Telegram just because I’m less comfortable with providing my number to these scammers. And at least the Telegram, you’re using a username. So yeah, it is ultimately about getting you off the platform. Some do it quickly. Some will be like, Hey, I’m too busy, I don’t really check this app, message me here. But then some will actually try to have a conversation with you on the app itself to seed that interest and say, Hey, how’s your day going? But really, it’s taking you off platform. I do believe, yes, indeed, that the people who are operating the profiles are different from the people that are actually conducting the long form conversations off platform absolutely.

Karissa (05:27)
So how quickly talking it to get you off platform? Like, hey, Satnam, and then straight away, we should start talking on WhatsApp or Telegram. Is that how quick we’re talking?

Satnam Narang (05:36)
Within the first few messages, sometimes, yeah. I’ve encountered some instances where it’s within the first two or three messages that they’ll be like, Hey, even if you’re trying to have a conversation with them, they’ll just straight away recommend going to WhatsApp or Telegram just because it’s easier because their job is to farm the victims out to these other platforms. So it’s like the least amount of time you can spend trying to have a conversation, the more opportunities you’ll have to carry on that long con with the individuals who are behind the WhatsApp and Telegram accounts.

Karissa (06:11)
Totally understand. So a couple of things in there I want to unpack. So hypothetically, I’m like, Okay, Satnam, it’s changed to WhatsApp. Are you as potential victim going to be like, Yeah, sure, I’m going to do it. Are people actually doing that? Well, they have to be or else this wouldn’t exist this year.

Satnam Narang (06:28)
Well, the one thing I do also want to point out is that in some instances, the way the pig butchering scam has also worked over the last couple of years is that you might get a random text message or message on WhatsApp directed to somebody saying, Hey, is this Sean? Is this Gabe? Is this someone else? And the goal is to just pretend to be like wrong number, and then they’ll send a picture along with it. And usually it’s of an attractive woman. And they’re hoping that by doing that, they might pique your interest. And then once you say, Hey, sorry, I’m not Sean or Gabe, I’m somebody else, you might continue that conversation. That is one element of it where you’re already off platform on a WhatsApp or SMS or even a Telegram. But then when it’s on dating apps, yeah, the goal is to get you off the platform because really the people who are responsible for the scams themselves, they do devote a lot of time. It’s not a simple one to two day thing. It’s very fascinating. They’ll really try to get you fattened up, so to speak, and believing that you’re actually developing a relationship with this person, and they’ll pretend to be interested in you.

Satnam Narang (07:40)
They’ll actually remember things about you and what you’re doing, where you work, and they’ll ask you whether or not you’ve eaten. It’s very, very distinct and direct. And the hope is that by developing that sense of trust with the victim, they’ll be more likely to actually fall into their trap.

Karissa (08:01)
So what are some of the tactics that these criminals employ? So talk me through some of the examples, perhaps. So, for example, I’ve gone on the criminals there. What are types of things that they’re saying to encourage me to stop using the platform and to switch to Telegram or WhatsApp, for example?

Satnam Narang (08:17)
Well, I think in general, most people don’t really like having conversations on the dating apps themselves because sometimes people just don’t really want to check it. They’ll be getting messages from other people. It’s a lot easier to use a native SMS application on your phone, whether you’re on an iPhone or Android. Also, if you’re a WhatsApp user, which a lot of people are, it’s just naturally a place where people already are carrying on conversations. T he likelihood of you wanting to stay on platform, they also just want to make sure that you can stay off the platform so you won’t message other people and potentially get interested in somebody else because they don’t want you to find someone else to spend your time with. Because if you’re finding a prospective person you want to go out with, you’re going to potentially meet with, you’ll probably forget about them. So they want to make sure you go off platform. T hey’ll even try to convince you to say, Hey, can you delete the app together with me? So they’re really, really laying it on thick.

Karissa (09:17)
Gosh, they’re hoping you don’t find your love of your life on there and you forget about them, the criminal. So you’ve obviously created a pseudonym profile and you’ve come across some of these criminals. Is that correct?

Satnam Narang (09:31)
I have, yes.

Karissa (09:32)
So you know really how it plays out. Okay, so let’s break this down a little bit more. So we’ve talked about where the scams come from, like, you know, tinder and places like that. One of the questions I do have about that, though now as I’m thinking, does t inder have any machine learning, artificial intelligence to detect, hey, this definitely looks like a pig butchering type of act that’s being carried out? Like to say, oh, no, we’ve banned that account. Maybe there’s certain phraseology that they use which could detect potentially that it is some type of scam.

Satnam Narang (10:07)
I don’t think so, Karissa. Because I mean, the conversations are very generic things that you would normally have a conversation with a person on a dating app about. It’s not going to be like a script that I’ve seen. Because I’ve seen tinder bots in the past. These aren’t really bots per se, these are people operating these accounts. It’s very vanilla, very generic. It’s not going to be something that these platforms are able to easily pick up on. That said, I question the fact that it shows location being very close to the victim’s location. They’ll say 20 miles, 30 miles. But the actual individuals who are operating the accounts clearly are thousands of miles away in Southeast Asian countries operating out of there. So maybe they’re either proxying into locations closer to the victims, or I don’t know how they’re doing that.

Karissa (11:02)
The criminals on the platforms, have they created a pseudonym profile for themselves? They’re actually not called Jane, they’re called Mary, for example.

Satnam Narang (11:12)
Yeah. I mean, they’re using stolen photography and images of real women, and they download photos of them doing things that they would normally do in real life, going to parties, going out with friends, having dinner, dressing up in clothes, basically just presenting themselves to be who they claim to be. But obviously, you pick up on it and you’re like, Okay, something doesn’t seem right about it. But I would say probably in my history of researching scams over the last 10 plus years. Actually, I can’t even remember how many years it’s been. It’s been so long since I’ve been doing scamming. This is probably one of the more elaborate scams that I’ve come across. It’s not your garden variety like cryptocurrency scam that is a quick hitter, like impersonating Elon Musk or these cryptocurrency figures like we’ve talked about in the past to try to get you to send your cryptocurrency. They really want to get you to believe that what they’re trying to do is help you capitalize on some of the knowledge that they have or that they’ve gained in order to make lots of money. Because at the end of the day, they’re trying to convince you to part ways with tens of thousands of dollars, up to hundreds of thousands of dollars.

Satnam Narang (12:34)
Some people have lost millions of dollars through these types of scams.

Karissa (12:38)
My God. Okay. This is so interesting for me. It just rattles me a little it. Okay, so the reason why I asked about the photos is because now I’m trying to understand from a tinder or whoever else is out there that leverages these romance platforms that the authentication process. So basically, they don’t really have anything in place. So you just could be like, Hey, my name is Jane. Here’s a photo I stole off the internet. And there we go. I’ve got a profile now. So I don’t have to authenticate by showing my driver’s license. I’m curious of brain. Anything like that. So then it goes back to the ethics then of tinder and friends. Yeah.

Satnam Narang (13:16)
In fact, I’ve seen some profiles have the same photograph. In fact, I’ve shared it with some of the people internally as part of some of the research that I’ll be working on and publishing sometime in the near future. But yeah, I’ve seen some photos of the same person twice. So I know for a fact, because I’ve had conversations with one of those accounts that someone else is using the same photography or photos, it’s just maybe slight difference. Maybe they grabbed a different image of that person, but it’s literally the same person that they are impersonating on tinder. And I.

Karissa (13:48)
Guess, look, if I’m looking at this both ways, if I’m tinder, I don’t want to have that strong, heavy authentication process at the start because it would mean that people aren’t going to pay me money for my application. Would you say that’s correct?

Satnam Narang (14:02)
I think one of the things about tinder, Hinge, and all these other platforms is that they do offer this verification. I don’t want to use the term verification because of all the things going around verification on Twitter at the moment. But basically, you get a little check mark saying you’re a real person, or the person that you have posted a photo of is you. If I’m posting a photo myself, they make me do a pose, and then they say, Okay, you matched the person you posted the photo of. Okay. T hen they give you a little badge or an indicator that you are who you say you are. T here may be in some instances where they’ve actually leveraged that feature to make it seem like they’re really who they say they are, too. O ff the top of my head, I’d have to go back through some of the stuff that I’ve captured, but I can say I have seen some cases where that feature has also been utilized perfectly by them.

Karissa (14:58)
Okay, all right. That makes sense. Obviously, I don’t know. So I’m just trying to understand to have it all fits together. So if I’m a potential victim on here, someone’s photo comes up. I mean, maybe it’s just me and maybe it’s people in security. My natural instinct is to reverse image the photo on Google, try to find out if their name is Mary Jane. Who is Mary Jane? Can I find her on LinkedIn? I’m going to really start going rudimentary recon work on someone. And it’s probably a good reason why I’m in cyber security. But obviously people aren’t doing that enough. So they’re just really reliant on, Oh, okay, this person looks good. They’re not going to question it too much. Clearly not.

Satnam Narang (15:37)
Yeah. No, I think there are some people who do do the things that we do as practitioners. But one of the things about dating apps and things of that nature is that there’s no easy way to just grab a picture. You’d have to take a screenshot. And sometimes the images that they’re using probably won’t turn up a result. They won’t show up with a result of someone associated with that photo. They might do something to the photo to make it so that it won’t show up, maybe alter some pixels. I can’t say definitively because I haven’t actually done any reverse engineering on the photos myself, but you are also not going to surface a lot of photos or images from, say, platforms like Instagram, for example, those might not show up through Google search, at least as far as I’ve seen. Maybe you’ve seen something different. But yeah, it really comes down to being very skeptical. I know we’ll obviously talk about this in a moment about what users can do to protect themselves, but the skepticism factor, I think, has to be on 11 in this case.

Karissa (16:43)
Yeah. No, I think you’re right when it comes to Instagram and all of that. Yeah, it’s definitely a lot harder nowadays than back in the day. So okay, so the victim, they’ve moved from Twitter, for example, they’re onto WhatsApp. Now how does the conversation go? How do we get Is this where the fattening up stage comes into it now?

Satnam Narang (17:04)
Yeah, absolutely. I mean, the goal is to get you to believe that this person actually wants to develop a relationship with you and meet up with you and cook for you. And those they’ll send things about themselves, like what they’re doing during the day. They’ll send photos of them saying, Hey, I’m at the gym, and it’ll be a picture of them at the gym, right? Or they’ll say, Hey, I’m eating this meal. The meal images are very interesting because they look a little too nice in some instances. Like, Oh, I made this for lunch. It’s like, Okay, that looks a little too suspicious. But people might overlook that, or, Hey, my mom’s in town and I’m going to have dinner with her. And then in some instances, they may be like, Hey, I’m going out to this place at this time, and they’ll send a photo of the Los Angeles skyline or something like that. The idea is you’re getting to see a glimpse into their life and then they want you to do the same. They’ll ask you to send a photo of yourself or they’ll ask you about your day, they’ll say, How’s work going?

Satnam Narang (18:04)
Have you eaten? Have you eaten is one of the strange things that I’ve seen really early on. I don’t know if there’s a psychological component to it. Maybe that shows that they’re thoughtful and kind and caring about you and your well being. But yeah, it’s really, really fascinating the links to which these scammers will go to develop that relationship really quickly. And then they’ll also slide in and talk about financial things. They’ll say, Oh, I’m just doing some trading today, or they’ll talk about their cryptocurrency investments to pique your interest. And then they’ll ask you if you’ve actually ever gotten involved in cryptocurrency or how’s your experience with investments. They’ll also tell you that traditional investments are not very good and that cryptocurrency is the way to go because as you know and as we’ve discussed in the past, the traceability factor and the ability to recover your funds is next to impossible when it comes to cryptocurrency. So they’re able to get away with a ton more fraud than they would under traditional finance.

Karissa (19:12)
Okay. So talking about the meal thing, that’s really interesting. So what’s coming to my mind as you’re speaking is one of those fake images that’s clearly being done from, I don’t know, a photographer. So it looks just too good to be true. How can you not pick up on that, though? This is a scam. It’s fake. You didn’t cook that.

Satnam Narang (19:32)
I mean, the ones that I’ve seen, they look pretty fake. But then there’s some that actually look like, hey, not bad. And again, if you think about it, a lot of times when people use Instagram, they post photos of their lives, places they go, meals that they’ve eaten, things like that, meals that they make. So there’s a lot of corpus of data and images that they can use and leverage. So even if it’s a completely unrelated photograph of someone’s meal, not linked to this girl that they’re portraying themselves as, they could still use it and present it as their own. It’s just this level of detail wasn’t really available in mass as it is now, 20 years ago. Things have changed dramatically. We over share in society and on social media. So I think that is allowing these scammers to have even more success because they’re able to leverage all this information that’s out there, all these photos, images, things that are publicly posted on the platforms like Instagram, and it just makes their jobs easier.

Karissa (20:43)
Yeah, I get it. I understand that, of course, having that, Oh, this is my meal today. I can understand how that is effective. But now it’s just like, Well, you got to get your story straight. It’s like, Hey, you’re sending me a photo of chicken that you ate. I thought you were a vegetarian. That would be something that I would pick up on. But again, I’m just crazily weird with details like, That doesn’t check out. Who is this person? You’re a criminal? That’s always my instinct, and I’m always looking at the finer details. But of course, people overlook those things.

Satnam Narang (21:09)
I don’t think there’s instances where they’re going to say they’re vegetarian or vegan or anything like that, they’re going to send you photographs of their meals and it’s going to look like standard meal. Where they do get slipped up on is if they post an image of the skyline and the weather doesn’t match. That’s an instance where you could probably pick up and say, Hey, something doesn’t make sense there. I think the time differential, too, if they’re operating out of Southeast Asia and they talk about how they’re going to go have a meal at like have dinner at like 1 o’clock in the afternoon, that’s pretty suspect. But maybe most people might overlook that and say, Hey, did you mean lunch?

Karissa (21:53)
Yeah, I meant lunch. That’s what I’m saying. It’s the final point. I’m pretty sure it was raining in Los Angeles today and it looks sunny with your photo. But that to me just screams a scam. I don’t get it. Talk to me about, Okay, so all right, this just rattles me so much. It doesn’t make sense. It’s obvious it’s a scam. So why is the scam so effective? Because it’s.

Satnam Narang (22:16)
The trust, Karissa. I mean, at the end of the day, you’re sharing your day with them, you’re talking about your problems and they’ll actually sympathize with you about your problems. They’ll show interest. I think, especially during the last few years, when we think about the lockdowns in a lot of places around the world, people were lonely. And having someone there to talk to and be interested in you in your day to day, it created just the perfect environment for the scammers to have massive success in this type of scam because at the end of the day, we all crave connection. I think that’s what they’re really keying in on, this desire for human beings to connect with other human beings. And if you’re romantically looking for a partner, they’re very attractive photographs of these women that I’ve come across. But I know that women also come across these involving men too. So it’s not just directed towards men only, which typically is what I’ve seen in the past with a lot of the scams on dating apps. It’s basically free for all. And so, yeah, it’s really just about praying on people’s desires and wants for a connection and using that to take advantage of them.

Karissa (23:34)
So obviously they’re messaging and I understand that there’s a level of some companionship, but is there any calls, any video calls, or is it just purely all message? And people are getting into this level of detail. That just perplexes me.

Satnam Narang (23:45)
So they do send voice notes. I have noticed that in some of my research. They do send voice notes. There was an instance where I did get a video call, but I didn’t answer because I was very suspect about that. I was like, That seemed sketchy. I purposefully did not answer the video call. But the voice notes, you could hear the accents, and I don’t know, again, it’s hard to know definitively if the people behind the scams are actually the women in those photos, if they’ve been trafficked in to these places and they’re being held against their will. I don’t know that. And that, for me, I feel mostly for the victims. I shouldn’t say mostly, I feel for the victims, the people who are falling for these scams for tens of thousands, hundreds of thousands of dollars. But what I feel most for is that there are real people behind these messages who could be held against their will, being threatened. I don’t know the specifics around that, but that concerns me greatly. I hope through the exposure of these research pieces, whether it be the ones that we’ve seen already or the stuff that we’re doing or that others will do in the future, that we get some collaboration and coordination to try to take down these networks.

Karissa (25:06)
They probably know it’s wrong and they probably don’t want to do it and they’re forced to do it, which is even a worse position to be in. How do these scams go on for? How long are we talking here? Six, 12 months, longer, shorter?

Satnam Narang (25:18)
I think it can vary from multiple weeks to months. But I think once they start squeezing you for the money, once they start getting money out of you, they’ll try to continue to tap from the well as much as they can until it’s dry or until you basically just stop. From what I’ve heard and what I’ve read, because I haven’t gone through with the full scope of it because I’m not going to put my money on the line. But what I can say is that a key element to this is that they will portray themselves as saying, you’ll get X amount of return on this and you’ll lose it instantly. But if you’re using one of their controlled websites, which is one of the components that they do is that they create these fake investment websites that they can fudge the numbers with to make it seem like you are actually earning money. Then once that happens, you are actually just not going to see your money come back. And then when you try to cash out, they’ll try to squeeze you for more. Or if you lose money, they’ll say, Hey, sorry for your losses that you’ve had, but we can get you back in the game.

Satnam Narang (26:30)
They’ll try to get you to… Kind of like when you’re going out gambling, right? At some point, you have to come to the conclusion like, Okay, enough is enough. But you’ll keep trying because you’re like, Okay, I lost $100. Well, let me bet another $100 to see if I’ll get that $100 back, plus extra. So it plays off of that element, too. But then let’s say you do earn money according to these platforms that they’ve created. They’ll say, Hey, you can’t transfer out your funds because you need to also pay taxes. So then they’ll try to extract more money out of you. So it’s just about trying to get the most out of you to squeeze you dry, completely dry as much as they can. And then at that point, you’re left holding an empty bag because you have nothing. You can try to file a police report or do some things, but again, it’s hard when the scammers are operating out of other countries. And that’s especially when it involves cryptocurrency. Once you get into the cryptocurrency space, as you know, once your money is gone, three courses pretty much there’s nothing you can do.

Karissa (27:37)
Gosh, these guys are going all out with the fake science. And oh, look, it looks like you’re up today with your investment. Wow. Okay. So how soon… Obviously, you haven’t been through with the whole ordeal, so you don’t know specifically. But just say I’m at the end of my tether, this is the last dollar I have, whatever. How quickly do you think people, like the victims, discover they’ve been scammed? Is it instant or is it a couple of days like, Oh, my goodness. Definitely, I’ve been scammed.

Satnam Narang (28:06)
It’s hard to say. I think it’s dependent upon each person. Some people may fully believe that what they’re doing is legit and that they’re actually, Hey, people lose money in the markets. People see cryptocurrency prices plummet within a couple of days. And so it’s expected in a way. So maybe they’ll convince themselves, hey, let me just get back in the game. T hey’ll egg you on too to try to get you to invest more and say, Hey, this is just an anomaly. This is the best time to buy because you buy low and you sell high. So they really play up that factor, too. I think for victims, I think they suspect that something’s amiss, but then they don’t want to believe it because who wants to believe that they’ve been conned? That feeling of admitting that you’ve been conned is one that is really hard, which is also probably why we don’t hear a lot about these losses because victims may not come forward because they’re shame attached to it. I think that emboldens these criminals to continue to operate because it’s like, people aren’t going to talk about they’ve lost tens of thousands of dollars, hundreds of thousands of dollars.

Satnam Narang (29:26)
A friend of mine actually told me that her husband actually lost some money through one of these scams before. And that’s not something that people are going to walk around proudly and admit. So we don’t know the true losses from these scams, which I think makes it even worse because this could be probably one of the most lucrative areas of scams out there.

Karissa (29:48)
No, of course, people aren’t going to be so upfront with that. There was something I posted on LinkedIn about a month or so ago, and it was around, I don’t know if you have it in the US, SatNem. It’s, Hey, mum, I dropped my phone. Can you transfer me some money, I put that on there. And so many people were like, Oh, my goodness, I nearly fell for this. And then I put it on my personal Instagram. I had quite a significant amount of people say, I fell for it, or My mom fell for it. I know somebody almost fell for it. It was crazy. And I was just like, What? When you call someone first, I don’t know. I think these things do exist, right? And it’s so easy to fall victim. But until I started talking about it, people were coming forward and say, Oh, my goodness, thank gosh, you’ve actually said something. I got this message today, of course, having the awareness, doing things like your research and this podcast and everything else to tell people what these schemes are, what they look like, and then how to protect themselves. So then on that front, what are some of the things that people can do to protect themselves?

Satnam Narang (30:48)
I mentioned it earlier on, that scepticism needs to really be in place when it comes to online dating, generally. When you’re generally meeting and connecting with someone through these online dating platforms, you should be a little bit skeptical and have your guard up. But once you start getting asked about your investments and things like that, and they try to talk about getting you into investments and showing you screenshots of their successful investments. As soon as you get a screenshot showing you, Hey, this is what I’m working on. This is how much money I made. That’s a big red flag. That should be like sirens around the block. You should be like, Wait a minute, something’s not right. But let’s say you even discard that and you say, Okay, whatever. Once they try to tell you, Hey, I can help you make X amount of dollars. I can help you become financially free. All you have to do is go onto this website and sign up. Then once they try to get you to do anything financially related is when you should just be like, Nope, block, walk away, or report if you’re on the platform itself.

Satnam Narang (31:58)
But unfortunately, when it comes to things like WhatsApp and SMS, there’s no real mechanism like that besides blocking them. I think that’s one of the things that also sucks about this whole process, because if you’re on the dating app, you can report the profile and then tinder or hinge or Bumble will take them down. But you can’t really do that over SMS or WhatsApp. I think having that skepticism about anything financially related. Yeah, if they ask you about your meals and things like that, you’re probably going to just be like, whatever, okay, this is normal banter, chitter chat, whatever we’re doing. But when it comes down to it, if you get early on in the conversation, whether it’s the first week, couple of weeks, they start talking about financial stuff, walk away, block them, just get out of there.

Karissa (32:48)
I think that’s really great advice. I think also looking at it, it does their story add up. If it’s raining and they post a photo and it’s not raining, probably good indicator it’s a scam. Then paying close attention to the finer details as well, I think that people would always overlook those types of things. Oh, dinner. You mean lunch? Hold them accountable to those things as well. P retty sure I meant lunch. So I think these things are really valuable for people as well. I think one of the things that Pam, your PR manager for Tenable, sent through is some articles of real people that had spoken about these instances. Is there anything that you can share, perhaps, on what were the sentiments from these victims that had been scammed out of a large amount of money?

Satnam Narang (33:34)
Yeah. I think more often than not, the people that do fall for these scams, they genuinely believe that they’re developing a connection with someone. I think that’s one of the things that sucks about this whole process is that it’s like you’re investing your time and energy, and your time and energy is valuable. T hey’re basically squandering it away in order to capitalize financially off of you. I do appreciate when people do come forward. I think it really helps to enlighten the public about these types of scams because when we hear about it, we hear about the amount of money that these scammers are earning from these scams. It helps put into perspective just how big this is. But I think we’ve seen reports about it, we hear about it, but I don’t feel like there’s enough being done. And this is a global issue. It doesn’t just affect the United States. It affects everyone everywhere that’s using a dating app or even a messaging app like WhatsApp. And WhatsApp is absolutely huge. So even if you’re not on T inder, Hinge, Bumble, or whatever, you’re probably got a WhatsApp account and you might get a message from someone saying, Hey, John.

Satnam Narang (34:50)
Hey, Steven. They’ll pretend to be sending you a message, and that’s just one vehicle that they’ll use. So I think at the end of the day, we need to do more to inform the public and through this podcast, through our research. That’s just one step. And I think governments around the world can also step in. I think there’s a lot more that can be done. I think collaboration is ultimately going to be the real game changer. Because once we figure out where these networks of criminals are, we can try to stop them from continuing this.

Karissa (35:23)
Yeah, absolutely right. And of course, there absolutely needs more to be done. So hopefully we can see a move in the right direction. What about what’s all the recent collapse, though, with the whole FFTX side of things? Do you think because of that, we’ll maybe see a decline in this particular scam? I mean, focusing on the crypto side of things now?

Satnam Narang (35:42)
I don’t think so because the FTX incident is completely separate from all this. I mean, it’s been a big news item and it’s been in the news for quite some time and it’s definitely had an impact on cryptocurrency more broadly. But it doesn’t change the fact that people still want to connect. People are still using dating apps, these cameras still see an opportunity and they’re largely using platforms that they create themselves and they’re basically convincing the user that they can make it seem like whatever coin that you’re investing in is going up. There’s still opportunity there. I think, as I mentioned earlier, they could also pivot and say, Well, it’s the buying opportunity. You buy low, and if the market is low, this is better. The best time to buy.

Karissa (36:31)
Definitely worrying. Is there anything that in terms of final thoughts or closing comments, Satnam, you’d like to leave the audience with today?

Satnam Narang (36:39)
Yeah. I think this is probably one of the most difficult things I’ve had to research because I think about it from the perspective of the people who are behind the phones, the screens that are doing this. I worry that there are real people who are potentially being hurt. T hat’s what concerns me the most because the people that are being held against their will. It doesn’t change the fact that I’m also worried about the folks who are losing money. It’s equally bad but I think the people that are getting trafficked in and doing this stuff, that’s what worries me the most. Because of all the success that’s been seen through these types of scams, it’s just emboldening them to continue and maybe it’s growing. I don’t know that, but I can say through my limited exposure to it personally, I still think that there’s a lot more to come in this space and that worries me.

Karissa (37:38)
It worries me too. So I think you’ve been very insightful today. I’m always very interested in hearing about your research and scams does still perplex me. I guess, again, with your sentiments, be skeptical at that 11 mark and question things. If it doesn’t sound right, it probably isn’t.

Satnam Narang (37:55)
Exactly. Yeah. I mean, that old adage that we keep saying in cybersecurity, it sounds too good to be true, it is. It never fails.

Karissa (38:05)
I think that’s something just to be cognizant of. So again, Satnav, thank you so much for your time, for your insights, and thanks for sharing something I know is pretty hard to share, but I guess that’s the reason why we’re having this interview in this podcast is to disseminate that message out. So hopefully that may influence someone to be sceptical, especially when they are operating on these dating apps. So thank you very much again for your time.

Satnam Narang (38:28)
Thank you for having me, Karisa.

Karissa (38:30)
Thanks for tuning in. We hope that you found today’s episode useful and you took away a few key points. Don’t forget to subscribe to our podcast to get our latest episodes. This podcast is brought to you by Mercsec, the specialists in security, search and recruitment solutions. Visit Mersec. Com to connect today. If you’d like to find out how KBI can help grow your cyber business, then please head over to Kbi.Digital. This podcast was brought to you by KBI. Media, the voice of cyber.

Share This